The popularity of smart phones in recent years has led to the widespread use of mobile phones equipped with a short-range communicator such as a Near Field Communication (NFC) module for exchanging data through contactless near field communication technology, as well as increased provision of NFC-based services. Among others, payment services using the NFC technology are expected to grow further, and credit card companies, Value Added Network (VAN) service providers, and mobile telecommunication companies around the world are launching their own services relating to payment services to attract users.
Credit cards are transitioning from existing magnetic stripe cards to contactless cards with improved security, and such contactless cards are being developed into mobile cards in line with the NFC technology for smart phones. The mobile card which is installed in a smart phone enables users to make payments both online and offline and provides a convenient payment service for users, and thus demand for such cards is on the rise.
To provide such payment service using the mobile card, offline stores may have an NFC reader module installed in a Point Of Sales (POS) machine in their stores to approve the mobile card, and transactions using the contactless cards are made through the NFC reader installed in the POS machine. More specifically, if a customer purchases goods, the seller inputs the price or product information and asks the customer to contact the card to the POS machine. If the customer contacts his/her contactless card (mobile card) to the POS machine, a predetermined process (e.g., contactless Europay, MasterCard and Visa (EMV) process) is performed, and an authentication process such as affixing a signature or inputting a Personal Identification Number (PIN) number is performed. If the process is successfully completed, the POS machine transmits information of the contactless card, which has been extracted through the aforementioned process, to a Payment Service Provider (PSP) server for approval. If the POS machine obtains normal approval from the PSP server, a receipt for the purchase is output and the purchase process is completed.
A mobile version of the POS machine has been launched to perform the purchase process of the POS machine on mobile phones. If a smart phone is equipped with an NFC module, the role of the NFC reader of the existing POS machine is performed by the smart phone itself, and the payment process has also been developed to be performed on the mobile phone.
However, in the case of the mobile POS based on smart phones, anyone can develop/distribute/install applications since the smart phone has an open-type platform. Thus, secure data of the contactless card, i.e., card number, name and other important information may be exposed by an application including a malicious code created for malicious purposes. Also, the NFC process of smart phones is not encoded, and if a user reads data of the contactless card through the NFC function of the smart phone, the data are transmitted in the un-encoded form from an NFC chip as hardware of the smart phone to the highest application terminal, and there is a possibility of exposing information.
The above information is presented as background information only to assist with an understanding of the present disclosure. No determination has been made, and no assertion is made, as to whether any of the above might be applicable as prior art with regard to the present disclosure.